package com.wuw.gateway.config.security;

import com.wuw.gateway.config.security.handler.AuthenticationFaillHandler;
import com.wuw.gateway.config.security.handler.AuthenticationSuccessHandler;
import com.wuw.gateway.config.security.handler.CustomHttpBasicServerAuthenticationEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig{

    @Autowired
    private AuthenticationSuccessHandler authenticationSuccessHandler;
    @Autowired
    private AuthenticationFaillHandler authenticationFaillHandler;
    @Autowired
    private CustomHttpBasicServerAuthenticationEntryPoint customHttpBasicServerAuthenticationEntryPoint;

    //security的鉴权排除列表
    @Value("#{'${custom.spring.security.excluded}'.split(',')}")
    private String[] securityExcludedAuthPages;

    @Bean
    SecurityWebFilterChain webFluxSecurityFilterChain(ServerHttpSecurity http) throws Exception {

        http.cors()
        .and()
        .authorizeExchange()
        .pathMatchers(securityExcludedAuthPages).permitAll()  //无需进行权限过滤的请求路径
        .pathMatchers(HttpMethod.OPTIONS).permitAll() //option 请求默认放行
        .anyExchange().authenticated()
        .and()
        .httpBasic()
        .and()
        .formLogin()
        .authenticationSuccessHandler(authenticationSuccessHandler) //认证成功
        .authenticationFailureHandler(authenticationFaillHandler) //登陆验证失败
        .and().exceptionHandling().authenticationEntryPoint(customHttpBasicServerAuthenticationEntryPoint)  //基于http的接口请求鉴权失败
        .and().csrf().disable()//必须支持跨域
        .logout().disable();
        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {

        return  NoOpPasswordEncoder.getInstance(); //默认
    }

}

